Privacy Policy

IDTECK Co., Ltd. (hereinafter referred to as “the Company”) is making the utmost effort to comply with the Act on the Promotion of Information and Communications Network Utilization and Information Protection, etc., the Personal Information Protection Act, and GDPR, and intends to establish and publish the following Privacy Policy in order to protect users’ personal information and handle their grievances quickly and smoothly.

Article 1. Items of Personal Information to be Collected
Article 2. Purpose of Collection and Use of Personal Information
Article 3. Period of Retention and Use of Personal Information
Article 4. Provision of Personal Information to Third Parties
Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer
Article 6. Rights and Obligations of Information Subjects
Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System
Article 8. Procedures and Methods of Destruction of Personal Information
Article 9. Measures to Ensure the Safety of Personal Information
Article 10. Chief Privacy Officer and Contact Information
Article 11. Privacy Policy Changes and Notice Obligations

Article 1. Items of Personal Information to be Collected

1) Items to be collected
The Company shall collect the following personal information.
<Information to be Collected on the Website>

Classification	Items to be collected
Membership Registration	Required Items: User email, password, mobile phone number, Time zone, user name, Site name

<Information to be Collected on the App>

Classification	Items to be collected
Mobile card issuance	Required Items: OS information, Device virtual serial number, User email or mobile phone number

<Information to be Used on the App>

Classification	Items to be collected
Card Information	Required Items: Name, and mobile card information, Site administrator’s additional input items such as User Company, User department, etc.
Device Information	Required Items: Device virtual serial number, OS information, GPS

2) Methods of Collection
The Company shall collect personal information in the following ways.

• Site administrator or Users entering information via the website

• Automatic input from other system databases set by site administrator

• Transmissions of location information in occasion of authentication process on App.

Article 2. Purpose of Collection and Use of Personal Information

The Company shall collect and use personal information for the following purposes. The collected personal information shall not be used for any purposes other than the following, and if the purposes of use are changed, the Company shall take legally necessary measures such as asking for prior consent.

Classification	Purpose
Membership Registration	Managing member information and providing services

<Information to be Used on the App>

Classification	Purpose
Card Information	Providing app services and card verification
Device Information	Providing device verification services

Article 3. Period of Retention and Use of Personal Information

The Company will promptly discard the User’s personal information once it achieves the purpose for which the information was collected and used, unless the relevant laws require it to retain the information.
If the User consents at the time of collecting the personal information, the Company retains the information for the agreed period.
In accordance with the Personal Information Protection Act and the Enforcement Decree of the same Act, in the event that the User does not use the services for a consecutive year, the Company may terminate the contract with the User and take necessary measures including the discarding of the User’s personal information. In such cases, the Company will notify the User of its intention to take the necessary measures, along with the end date of the retention period and the items of personal information retained, by 30 days before the date when the Company takes the measures.
If you wish to withdraw your consent, you can do so at the Company website or by contacting the Company’s privacy department (privacy@idteck.com), in which case the Company will promptly process your request after verifying your identity.

Items to retain	Legal basis	Retention period
Users’ log records Users’ access point tracking data	Article 41, Enforcement Decree of the Protection of Communications Secrets Act	3 months
Other communication confirmation data		12 months
Records related to displays and advertisements	Article 6, Enforcement Decree of the Act on the Consumer Protection in Electronic Commerce	6 months
Records related to contracts or withdrawal from contracts		5 months
Records related to payment, provision of goods, etc.		5 months
Records related to consumer complaints or dispute resolution		3 months

 

Article 4. Provision of Personal Information to Third Parties

The Company shall not use users’ personal information or provide it to a third party under any circumstances, except in cases where the user has consented to such a provision or where it is required by applicable laws and regulations.

Article 5. Outsourcing Personal Information Processing and Cross-Border Transfer

1) The Company shall use the following cloud service in order to smoothly provide information, stable service and the latest technologies, etc. The technical and administrative protection measures of the cloud service shall comply with the entrustee’s policy. The entrustee shall only perform physical management and shall not access users’ data.

 

IDTECK Portal

Entrustee	Contact	Purpose of transfer (entrusting)	Countries to which the information is transferred	Date and methods of transfer	Items to be transferred (entrusted)	Retention period and use of personal information
ITEASY CORP.	https://iteasy.co.kr/	Provision of services and storage of personal information	Republic of Korea, Seoul	Transmitting through networks when users enter personal information on the website, Transmitting through networks after users provide personal information off-line	Making Inquiries Membership Registration Error Analysis	Deletion after storing for 6 months Deletion if it is not used for 2 years Immediate deletion in the case of withdrawal Immediate deletion after analysis

2) The Company shall manage and supervise the entrustee to ensure that it does not process personal information other than for the intended purposes, that it complies with technical and administrative protection measures, and that it does not violate other laws and regulations related to personal information.
3) If the details of the entrusted work or the entrustee are changed, users will be notified via the Privacy Policy without delay.

Article 6. Rights and Obligations of Information Subjects

1. An information subject may exercise its rights against the Company at any time, including the right to demand the Company to provide access to, delete, or discontinue the processing of, his/her personal information.

2. An information subject may exercise his/her rights against the Company in writing via email or fax. The Company will process the demand without delay.

3. An information subject may also exercise his/her rights through his/her statutory representative, or a representative authorized by the subject. In such cases, the representative should provide a power of attorney prepared.

4. If the information subject is under 14, such demand should be made by his/her statutory representative. If the information subject is 14 or older but still a minor, the information subject may exercise his/her rights on his/her own or through his/her statutory representative.

5. An information subject’s right to demand access to or discontinuation of the processing of his/her personal information may be restricted under Articles 35 (4) and 37 (2) of the Personal Information Protection Act.

6. An information subject may not demand the Company to correct or delete his/her personal information of which collection is required by other laws.

7. Upon receiving a demand for access to, deletion of, or discontinuation of processing of, personal information, the Company will verify whether the demand was made by the information subject or a due representative.

Article 7. Installation, Operation and Rejection of the Automated Personal Information Collection System

The Company shall use session and local storage technologies, which are technologies similar to cookies. The storage technology is a small text file stored on a user’s PC when they log in. This text file stores any information that the website can read for when the website is re-visited.The Company shall use session and local storage technologies, which are technologies similar to cookies. The storage technology is a small text file stored on a user’s PC when they log in. This text file stores any information that the website can read for when the website is re-visited.The Company shall use the session and local storage technology as follows:

• To maintain the users’ session when they use the services

• To provide improved usability when users use the servicesAny information stored in session and local storage is as follows:

• Any token information to maintain the session

• Service language chose by users

• User ID for simple log-in, if chosen by the userBy continuing to use the services, users consent to use by the Company of technologies similar to cookies in accordance with the Privacy Policy

1. The Company shall use cookies when the website is accessed in order to provide a more adequate and useful service to users.

2. A cookie refers to a text file automatically transmitted to a user’s computer when the Company’s website is accessed.

① Any member may choose whether to use cookies.

② Methods to reject cookies 

 

※ How to Change Cookie Settings

1. Internet Explorer 11 for Windows 10: Confirm and delete the region of use

• Run Internet Explorer, click the Tools button, and select Internet Options.

• Go to the Personal Information tab, select Advanced in Settings, and block or allow cookies

2. Microsoft Edge

• Run Edge, click ‘…’ on the top right corner, and click Settings.

• Click ‘Personal Information, Search, and Services’ on the left side of the Settings page, and go to the ‘Tracking Prevention’ section to choose whether to use tracking prevention and set the prevention level.

• Choose whether to ‘Always Use “Strict” Tracking prevention when browsing In Private.’

• Go to the Personal Information section below to choose whether to ‘Send a ‘Do Not Track Request.’

3. Chrome

• Run Chrome, click the ‘⋮’ mark on the top right corner (Chrome Customization and Control), and set the Settings icon.

• Click ‘Show Advanced Settings’ at the bottom of the Settings page, go to the Personal Information section, and click Content Settings.

• In the Cookie section, check the box for ‘Block Other Companies’ Cookies and Website Data.’

4. Safari

• Run the Safari app for Mac, go to Settings, and click Personal Information Protection.

• Click Website Data Management

• Choose one or more websites and click Remove or Remove All.

Article 8. Procedures and Methods of Destruction of Personal Information

In principle, once the Company has achieved the intended purpose of processing personal information, it shall delete said personal information without delay. This deletion shall be subject to the following procedures, schedule and methods:
1) Procedures for Deletion
Information entered by a user shall be transferred to a separate database (or a separate document if provided in hardcopy) once the intended purpose has been achieved, and stored for a certain period in accordance with internal policies and other related laws. Otherwise, it will be immediately deleted. At this time, the personal information transferred to the database shall not be used for any other purpose, except as required by law.
2) Methods for Deletion
Any information in the form of electronic files shall be deleted through a technical method that makes the records unrecoverable. Personal information printed in hard copy shall be shredded or incinerated.

Article 9. Measures to Ensure the Safety of Personal Information

The Company shall take all technical, administrative and physical measures necessary to ensure safety, as follows:
1) Administrative Measures
Establishment of, compliance with, inspection of, and education regarding information-security-related regulations and guidelines, and internal management plans, etc.
2) Technical Measures
Access authority management/verification of personal information processing system, etc., installation/operation of an access control system and security program, encryption of personal information, encryption transmission, etc.
3) Physical Measures
Establishment/operation of regulations on computer room access control, etc.